Re: Becoming a package maintainer

To: Avery Pennarun <apenwarr@worldvisions.ca>
Cc: debian-devel@lists.debian.org
Subject: Re: Becoming a package maintainer
From: Igor Grobman <igor@digicron.com>
Date: Mon, 16 Feb 1998 09:05:28 -0500
Message-id: <[🔎] 199802161405.JAA01021@hmm.nowhere>
In-reply-to: Your message of "Mon, 16 Feb 1998 08:35:02 EST." <[🔎] 19980216083502.54390@worldvisions.ca>

>>>>> On Mon, 16 Feb 1998, "AP" == Avery Pennarun wrote:

  AP> While we're here, I know we don't want to make it any _more_ difficult
  AP> to become a new maintainer, but step 2 as stated doesn't provide any
  AP> additional security at all.  For example, someone at Debian (or someone
  AP> who intercepts my message along the way, steals it from my computer,
  AP> etc.) could grab the image, use GIMP to write their own PGP fingerprint
  AP> on it, re-sign the message, and send it out again.

  AP> I think the intent of the rule is to require a _handwritten_ PGP
  AP> fingerprint on the actual image, before it is scanned.  With modern tools
  AP> like GIMP, of course, even that's pretty hazy security...


We dropped the requirement for the reasons you gave above.
 
-- 
Proudly running Debian Linux! Linux vs. Windows is a no-Win situation....
Igor Grobman           igor@debian.org                 igor@digicron.com 



--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

References:
- Re: Becoming a package maintainer
  - From: Avery Pennarun <apenwarr@worldvisions.ca>

Prev by Date: Re: NCPFS seems broken on 2.1 kernels...
Next by Date: Re: Becoming a package maintainer
Previous by thread: Re: Becoming a package maintainer
Next by thread: Re: Becoming a package maintainer
Index(es):
- Date
- Thread